Data Protection

So there is the new Data Protection Bill to put in place the rules under the General Data Protection Regulation, under EU law.

Well, there is a lot to this, so this is just a placeholder post really - to say there is a lot of shit going down, and with any luck I can post more about this in due course.

This, and the NIS directive, almost feel like exactly the sort of thing those Brexit voters were wanting to kill off!


  1. We will have just as much stupidity once we have left the EU. The only difference is it will be us that created it. I'm sure the media will still blame the EU though.

    1. It is going to take 20 to 30 years to extract us from all EU stupidity so (rare for me to say it) the media may be right in some cases.

    2. I'm not sure why protecting peoples' personal data is "stupidity"? GDPR has lots of really nice protections, like the requirement for businesses to tell you when they have bought your data from another business, so you can keep track of who's got it.

    3. There is a lot to be said for close regulation of those that actually work on and trade and deal with personal data - people whose actual business is your data. However there is also a lot that gets dragged in to that where actually the processing is no more than normal business practice, like having the name and address of the person you bill, or the absolutely crazy idea that an IP address is somehow personal data even when it is not. For a business like us, which does not even do a bulk mail shot to existing customers, it is adding a heck of a lot of work and cost and risk of fines which should not be necessary. It is also hard to see that it will necessarily be effective where you want it to.

  2. The Telegraph did an article about GDRP the other day. most of the comments on it were Brexiters complaining either that (1) we shouldn't have to have these stupid EU laws (because protecting personal data is somehow bad?) or (2) we don't need the EU to get these laws because our own government could pass them themselves (yes, they could... but they haven't, so maybe that shows the EU's worth by the fact that they have forced the issue?).

  3. If you have the name and address for the person you bill, then that is `necessary for contract`. So you are probably fine.

    Probably fine, because the ICO has not published any guidance yet. Until the ICO publishes, then anybody talking about GDPR needs to be careful.


Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

Breaking my heart

One of the things I suffer from is tachycardia. My first memory of this was in secondary school, when I got a flat tyre cycling to school an...